Abstract: A security component on a mobile device collects data on security events, and determines an assessment of security state and severity levels using a database containing security threat data. A server receives security event data, performs an additional security state assessment, and transmits it for display on the mobile device or a webpage. Display of a security state assessment includes status indicator signals, and lists and charts of security events.

Abstract: Data regarding user actions on a user device is gathered from the user device (and/or from another computing device) by a server. The data is analyzed to make a decision. The decision is sent by the server to the user device (e.g., directly or via another computing device) and then used by the user device to implement a new action on the user device. This process may be automatically repeated in order to provide real-time customization of the user device.

Abstract: Detection, identification, and control of application behavior dealing with malware, security risks, data privacy, or resource usage can be difficult in an era of complex, composite software applications composed of multiple components. Software applications are analyzed to determine their components and to identify the behaviors associated with each of the components. Components can also be analyzed with respect to similarity of previously known components. Behaviors can include use of personal identifying information or device information, or any actions that can be taken by applications on the device, including user interface displays, notifications, network communications, and file reading or writing actions. Policies to control or restrict the behavior of applications and their components may be defined and applied. In one embodiment this can include the identification of advertising networks and defining policies to permit various opt-out actions for these advertising networks.

Abstract: Detection, identification, and control of application behavior dealing with malware, security risks, data privacy, or resource usage can be difficult in an era of complex, composite software applications composed of multiple components. Software applications are analyzed to determine their components and to identify the behaviors associated with each of the components. Components can also be analyzed with respect to similarity of previously known components. Behaviors can include use of personal identifying information or device information, or any actions that can be taken by applications on the device, including user interface displays, notifications, network communications, and file reading or writing actions. Policies to control or restrict the behavior of applications and their components may be defined and applied. In one embodiment this can include the identification of advertising networks and defining policies to permit various opt-out actions for these advertising networks.

Abstract: A security analysis of data received on a mobile communications device includes gathering information about the data through at least two of multiple network interfaces, each of the at least two network interfaces having different protocols. Based upon the gathering, a first protocol is assigned to the data received from a first of the at least two network interfaces. A second protocol is assigned to the data received from a second of the at least two network interfaces. A common security analysis is performed on at least a part of the data received from each of the first and second network interfaces to determine whether the data received by the mobile communications device is safe or malicious.

Abstract: The present invention provides a system and method for reporting security information relating to a mobile device. A security component identifies security events on the mobile device that are processed on the mobile device or by a server. The security component then determines a security assessment for the mobile device based upon the detected security events. The security state assessment can be displayed in various different formats on the mobile device display or on a client computer through a user interface. The display may be persistent in the form of a desktop widget or home-screen item which enables the user or administrator to verify the functioning of security protection on the device and be alerted if the device needs attention without having to specifically seek such information.

Abstract: The present invention is a system and method for providing security for a mobile device by analyzing data being transmitted or received by multiple types of networks. The invention can provide security for many types of network interfaces on a mobile device, including: Bluetooth, WiFi, cellular networks, USB, SMS, infrared, and near-field communication. Data is gathered at multiple points in a given processing pathway and linked by a protocol tracking component in order to analyze each protocol present in the data after an appropriate amount of processing by the mobile device. Protocol analysis components are utilized dynamically to analyze data and are re-used between multiple data pathways so as to be able to support an arbitrary number of network data pathways on a mobile device without requiring substantial overhead.

Abstract: The present invention provides a system and method for remotely securing, accessing, and managing a mobile device or group of mobile devices. The invention enables a remote access web page to be generated by a server and displayed on a client computer. The server receives requested actions from the client computer and interacts with the mobile device to perform the actions. In the case of a lost or stolen device, the invention enables a user to take actions leading to the recovery or destruction of the device and data stored on it. The invention enables multiple types of remote access, including: locking the device, backing up data from the device, restoring data to the device, locating the device, playing a sound on the device, and wiping data from the device. The invention may be used to provide both self-help and administrator-assisted security for a device or group of devices.

Abstract: The invention is a system and method for identifying, assessing, and responding to vulnerabilities on a mobile communication device. Information about the mobile communication device, such as its operating system, firmware version, or software configuration, is transmitted to a server for assessment. The server accesses a data storage storing information about vulnerabilities. Based on the received information, the server may identify those vulnerabilities affecting the mobile communication device, and may transmit a notification to remediate those vulnerabilities. The server may also transmit result information about the vulnerabilities affecting the mobile communication device. The server may also store the received information about the device, so that in the event the server learns of new vulnerabilities, it may continue to assess whether the device is affected, and may accordingly notify or remediate the device.

Abstract: Mobile devices may often communicate with network (“cloud”) services that require an account. Because it may be undesirable to require user interaction when creating an account, it may be desirable to create an account associating a mobile device to a network service without requiring a user to explicitly enter authentication information, such as a username and password. In an embodiment, data corresponding to a mobile device is obtained to generate authentication information which is then sent to messaging address of a user. In another embodiment, in response to an event, a mobile device obtains an identifier for a user, sends the identifier to a server, where the server transmits one set of authentication information to a messaging address associated with the user and another set of authentication information to the device.

Abstract: Mobile devices typically have some form of audio capabilities designed to be operated by the device's user, for example to place phone calls; however, if a device is misplaced or stolen, the user may wish to operate those audio capabilities remotely. Techniques are provided for determining when an audio transmission should be established between a device and one or more clients, and sending a command to initiate the audio transmission. The determination may be based on receiving a request from a client, detecting at a server that the device is lost or stolen, or detecting at the device that the device is missing. The audio transmission may be established without user intervention at the device or in response to user action at the portable electronic device. Device settings such as audio settings at the device may be overridden in connection with the audio transmission.

Abstract: When attempting to recover a lost or stolen mobile device, it is often desirable to remotely command the device to play a sound in order to allow the device to be located or alert nearby people. In order to allow the owner of a lost device to remotely initiate the sound, a server generates a remote access user interface and it is displayed on a client computer that allows the owner to send a request the server to initiate the playing of the sound on the device. The interface may allow the user to customize the sound by selecting from a list of pre-configured sounds, recording a sound, uploading a sound, or purchasing a sound. The sound may also be input as text and converted to sound for playing on the mobile device.

Abstract: The present invention is a system and method for detecting and preventing attacks and malware on mobile devices such as a cell phones, smartphones or PDAs, which are significantly limited in power consumption, computational power, and memory. The invention enables mobile devices to analyze network data, executable data files, and non-executable data files in order to detect and prevent both known and unknown attacks and malware over vectors that are not typically protected by desktop and server security systems. Security analysis is performed by a combination of “known good,” “known bad,” and decision components. The invention identifies known good executables and/or known characteristics of network data or data files that must be present in order for the data to be considered good. Furthermore, known good and known bad identifier databases may be stored on a server which may be queried by a mobile device.

Abstract: The present invention is a system and method for creating, developing and testing cross-platform software for mobile communications devices. The invention enables mobile device software that must be highly-integrated with the operating system on which it runs to be implemented in a cross-platform manner. Security software for mobile devices is a prime beneficiary of the present invention, as a substantial proportion of its functionality is identical between different platforms yet integrated very specifically into each platform it supports. The cross-platform system includes a core platform-independent component, a platform-specific component, and an abstraction layer component, each of which may communicate with each other using a common defined API. The present invention enables the platform-independent component to be completely re-used between platforms and allows the platform-specific and abstraction components to contain minimal amounts of code on each platform.

Abstract: A mobile device's level of access to services provided by a service provider is based on a current security state assessment of the mobile device. Mobile devices are granted different access levels to services based on the security state of the device. A security component can assess the current security state of the mobile device by processing security data generated by the mobile device. In a specific embodiment, the security component is at the mobile device. In another specific embodiment, the security component is at a server.

Abstract: The present invention provides a system and method for reporting security information relating to a mobile device. A security component identifies security events on the mobile device that are processed on the mobile device or by a server. The security component then determines a security assessment for the mobile device based upon the detected security events. The security state assessment can be displayed in various different formats on the mobile device display or on a client computer through a user interface. The display may be persistent in the form of a desktop widget or home-screen item which enables the user or administrator to verify the functioning of security protection on the device and be alerted if the device needs attention without having to specifically seek such information.

Abstract: The present invention is a system and method for providing security for a mobile device by analyzing data being transmitted or received by multiple types of networks. The invention can provide security for many types of network interfaces on a mobile device, including: Bluetooth, WiFi, cellular networks, USB, SMS, infrared, and near-field communication. Data is gathered at multiple points in a given processing pathway and linked by a protocol tracking component in order to analyze each protocol present in the data after an appropriate amount of processing by the mobile device. Protocol analysis components are utilized dynamically to analyze data and are re-used between multiple data pathways so as to be able to support an arbitrary number of network data pathways on a mobile device without requiring substantial overhead.

Abstract: The present invention is a system and method for detecting and preventing attacks and malware on mobile devices such as a cell phones, smartphones or PDAs, which are significantly limited in power consumption, computational power, and memory. The invention enables mobile devices to analyze network data, executable data files, and non-executable data files in order to detect and prevent both known and unknown attacks and malware over vectors that are not typically protected by desktop and server security systems. Security analysis is performed by a combination of “known good,” “known bad,” and decision components. The invention identifies known good executables and/or known characteristics of network data or data files that must be present in order for the data to be considered good. Furthermore, known good and known bad identifier databases may be stored on a server which may be queried by a mobile device.

Abstract: The present invention is a system and method for creating, developing and testing cross-platform software for mobile communications devices. The invention enables mobile device software that must be highly-integrated with the operating system on which it runs to be implemented in a cross-platform manner. Security software for mobile devices is a prime beneficiary of the present invention, as a substantial proportion of its functionality is identical between different platforms yet integrated very specifically into each platform it supports. The cross-platform system includes a core platform-independent component, a platform-specific component, and an abstraction layer component, each of which may communicate with each other using a common defined API. The present invention enables the platform-independent component to be completely re-used between platforms and allows the platform-specific and abstraction components to contain minimal amounts of code on each platform.

Abstract: The present invention is directed toward a secure platform which enables mobile devices, such as a cell phones, smartphones, or PDAs, to have relationships with services or service providers that are controlled by the state of security on each device. In an embodiment, the platform is comprised of a server that receives data from security software on a mobile device regarding the device's security state. The platform enables access to a service to be granted, denied, or limited based on the security state of the mobile device. The platform may provide two-way communications between a mobile device and a service so that the platform can enforce access security both from the client to the service and from the service to the client. Furthermore, the platform allows services or service providers to evaluate the security state of a device independently of using the platform to communicate with the device.